5 ways to prepare your staff for a cyber attack
In a report by BSI’s Cybersecurity and Information Resilience division, it was found that 73% of organisations are worried about security. However, one in six of those has no plan in place and a third conduct no type of security testing.
Almost every day we hear about another cyber-attack. Unfortunately, at the rate cybercrime is increasing, it is now a question of ‘WHEN’ not ‘IF’ a cyber-attack will occur.
Cybercriminals are always advancing and looking for new ways in which they can exploit their next victim. While it is true that a persistent intruder is hard to keep out, there are a number of ways you can prepare your staff to help mitigate the damage done.
Cyber drills are one of the most effective ways to prepare your staff. They allow you to rehearse your procedures in action, which will, in turn, help you pinpoint where the gaps are in your existing plan. We already carry out practice drills for everything else in the workplace, from fire to intruder, so why should cyber-drills not be mandatory? Rehearsals and drills are a part of life, yet there are still a number of organisations that opt not to practise for one of the top risks in the business environment today.
There is a range of tools on offer that will simulate an attack and give you the opportunity to review results and take action. Here are some to consider:
Infection Monkey – An open-source platform where you can run an automated simulation of an attack for elements such as password theft, misconfiguration and compromised properties. It offers a free report and even allows companies to check their infrastructure if they’re running in the cloud.
Threat Cop – A flagship product of Kratikal, which is a security attack simulator and awareness platform. The tool offers real-time simulation of all the current cyber-attacks aimed at employees in the present day and allows analysis to continuously increase the scores of employee vulnerability.
KnowBe4 – Designed to assist with security awareness training as well as simulate attack tests, with the focus on the problem of phishing and social engineering. It works by allowing organisations to select a phishing and landing page template; then, following the simulation, users are provided with details of which red flags they missed. A detailed PDF is also emailed over with stats and charts that can be shared.
A well-thought-out, detailed plan that has been practised will provide your staff with the experience needed to deal with an attack in the right way.
Dedicate an incident response budget
Cyber attacks are expensive and can have a huge impact on cash flow, especially for smaller businesses. The main factor in the cost of an attack is its length; the longer it takes to resolve, the more expensive it is. According to research, in 2018, businesses that were hit by an attack experienced a downtime average of 67 minutes. Furthermore, each successful attack cost over £140,000 (an average cost of £2,140 per minute!).
It’s inevitable that if you are hit by an attack, there will be aspects you may need to pay for, from hiring external specialists to even paying the ransomware demands. An incident response budget will mean you are prepared if the worst were to happen and enable you to respond promptly and effectively.
All forms of attack will require a different response. Therefore, it is beneficial to stay up-to-date with the cyber security world. Security-focused events and mailing lists are a good way to do this.
Moreover, by keeping yourself up-to-date with the most prominent threats at the time, you may be able to anticipate the threat you are likely to be faced with. Cyber-criminals are becoming more sophisticated by the day, so the threats that occurred a couple of months ago could be a world away from the one you are potentially faced with. Having a clear understanding of the types of threats will mean you are prepared when one occurs.
Experts always say you are only as strong as your least informed employee. Cyber-criminals will always be on the lookout for employees using weak passwords or for those who will fall for phishing or social engineering attempts. It’s important to inform your employees of the correct procedures to follow if a cyber-criminal were to succeed.
Interactive training sessions are useful for educating staff on best practices relevant to information security. They involve staff members and help get them interested in what they are learning about, as well as create a good team atmosphere. It may be beneficial to get an outsourced professional in to carry out the training sessions, as they will have additional expertise in security and threats.
By making your employees aware of the right procedures and policies, you will help them feel more prepared. Regular emails and posters around the office are a good way to keep them informed.
Consider an outsourced team
Although you may prefer to keep your security team internal, the additional support of an outsourced team can prove to be very helpful, especially when an attack occurs. Outsourced experts will have faster response times as well as a larger budget. Furthermore, they can offer additional expertise and insight you probably wouldn’t have in-house.
In the present day, cyber security jobs are in high demand. Therefore, being able to find a ‘pro’ to base in-house can be a challenge and expensive. End-to-end security monitoring services are a viable choice for companies without large IT budgets.
If your business were to be hit by a cyber-attack tomorrow, would you and your staff be prepared?
Please get in touch for more information on how we can help improve the cyber security in your business.